If you’re among the millions of Americans who have had their financial information stolen, you know how frustrating it can be. You spend hours on the phone with the bank, provide notice to umpteen creditors and, if you’re really unlucky, stand in line for a new driver’s license. Now consider how infuriating it would be to go through all that knowing that the companies that hold your personal data are not taking security seriously enough.
The Ponemon Institute said that two-thirds of cybersecurity professionals don’t think their employers do enough to neutralize threats. The lack of preparation starts at the top, with only 22 percent of respondents saying their company’s cybersecurity boss briefs the board of directors. Similarly, a company’s top cybersecurity official reports to the CEO in only 14 percent of the companies polled.
The study surveyed 1,006 international cybersecurity executives about how prepared their organizations are to handle growing cyberthreats. The names of the companies were not disclosed.
Michael Daily, chief technology officer at Raytheon Cybersecurity, which sponsored the Ponemon study, suggested cybersecurity isn’t a topic of discussion in the boardroom because executives tend to delegate the task. “It’s reflected in the organization structure,” he said.
Other warnings from the study include:
- Under half (47 percent) of respondents said their company currently has sufficient resources to defend itself.
- 66 percent said their organization needs to hire more knowledgeable and experienced cybersecurity professionals.
- 75 percent said senior leadership views cybersecurity as a “necessary cost” as opposed to a “competitive advantage.”
While the corporate world still seems lax about the issue, the American public has recognized information security as a problem. An October 2014 Gallup poll found that 69 percent of Americans “frequently or occasionally worry” about having their credit card information stolen. Home burglary, car theft and having their young child hurt at school all ranked substantially lower on the list of concerns.
And that was a month before the Sony hack came as a headline-grabbing reminder that foreign hackers are devoting significant effort to infiltrate corporate America’s most sensitive networks. The good news is that most of those polled said they expect their own company to improve, even if that happens only after more hacks leave them no choice.
Insecure companies should invest in compartmentalizing their databases and other protective measures, Raytheon’s Daily said. “You want to make sure [that] if one egg breaks it doesn’t spill over to the other eggs.”